fix the setusercontext(3) workaround

Seeing this being used on even more system like Illumos with this ugly and security critical bug open makes me cringe every time I check if it was finally fixed. I reported it directly to the maintainer in 2017. I reported it to pkgsrc-security@netbsd.org without a response.
2024-07-22 10:44:10 +00:00 · 2019-09-03 00:41:14 +02:00 · 2019-09-03 00:41:14 +02:00 · 6cf0236184
parent 6886689b6b
commit 6cf0236184
1 changed files with 17 additions and 8 deletions
--- a/doas.c
+++ b/doas.c
@ -542,6 +542,23 @@ main(int argc, char **argv)
 	    LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
 	    LOGIN_SETUSER) != 0)
 		errx(1, "failed to set user context for target");
+#else
+	#if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__)
+	if (setresgid(target_pw->pw_gid, target_pw->pw_gid, target_pw->pw_gid) == -1)
+		err(1, "setresgid");
+	#else
+	if (setregid(target_pw->pw_gid, target_pw->pw_gid) == -1)
+		err(1, "setregid");
+	#endif
+	if (initgroups(target_pw->pw_name, target_pw->pw_gid) == -1)
+		err(1, "initgroups");
+	#if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__)
+	if (setresuid(target, target, target) == -1)
+		err(1, "setresuid");
+	#else
+	if (setreuid(target, target) == -1)
+		err(1, "setreuid");
+	#endif
 #endif
        /*
 	if (pledge("stdio rpath exec", NULL) == -1)
@ -557,14 +574,6 @@ main(int argc, char **argv)
        if (pledge("stdio exec", NULL) == -1)
 		err(1, "pledge");
        */
-#ifndef HAVE_LOGIN_CAP_H
-        /* If we effectively are root, set the UID to actually be root to avoid
-           permission errors. */
-        if (target != 0)
-           setuid(target);
-        if ( geteuid() == ROOT_UID )
-           setuid(ROOT_UID);
-#endif

 	syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s",
 	    myname, cmdline, target_pw->pw_name, cwd);